Have you ever endured a project meeting where you spent hours evaluating risks? Afterward, team members walked down the hall saying, “What a waste of time! Now I can get back to the real work.” Today, let's discuss the use of qualitative risk analysis to get you back on track.
What causes this frustration? First, the evaluation process may not fit the project – too complex for simple projects or deficient for large, complex projects. Second, the process may not fit the maturity level of the project team. Third, team members view the process as burdensome with little value.
Two Types of Risk Analysis
Risk evaluation is the process to determine the significance of each risk. There are two ways to evaluate risks:
- Qualitative Risk Analysis. Qualitative analysis such as rating probability and impact should always be performed. This allows you to quickly prioritize and rank your risks.
- Quantitative Risk Analysis. Quantitative analysis is not always performed. This analysis requires more time but provides more data to aid in making decisions. (We will cover quantitative evaluations in another post.)
Why Evaluate Project Risks?
You cannot respond to all risks, neither should you. Prioritization is a way to deal with competing demands. This aids in determining where you will spend your limited time and effort.
We evaluate in order:
- To have the greatest impact. Eighty percent of the impact will come from twenty percent of the risks. What are the vital few things that we should do that will have the greatest impact on minimizing threats and maximizing opportunities?
- To respond wisely and appropriately. The goal of evaluating risks is to discriminate between one risk and another. This aids us in determining the amount of effort to invest in developing response plans.
- To assign resources suitably. Assign your most skilled, knowledgeable resources to the projects with the greatest risk.
How to Perform Qualitative Risk Analysis
Let’s look at two qualitative risk evaluation methods: 1. the KISS Method, and 2. the Probability/Impact Assessment.
Be sure to specify your risk analysis technique(s) in your Risk Management Plan as you assess your risks, capture and maintain your risk ratings in your risk register.
Check with your organization to determine whether there is a definition of risk scales. If not, define the criteria for your scale.
Do you know how to engage your project stakeholders and evaluate risks quickly?
If you have lots of projects, if you aren't sure what matters most, if you wasting time work on the wrong things, if you are missing golden opportunities; then learn how to Perform Qualitative Risk Analysis.
Two Methods of Qualitative Risk Analysis
1. KISS Method
I use the KISS (Keep It Super Simple) Method on smaller projects and with teams that lack maturity in assessing risks. This one-dimensional technique involves rating risks as:
- Very Low
- Very High
This scale allows greater discrimination than the commonly used Low, Medium, and High scale.
2. Probability/Impact Assessment
I normally use this technique with larger, more complex projects and with teams that have experience with risk assessments.
This two-dimensional technique is used to rate probability and impact. Probability is the likelihood that a risk will occur. The impact is the consequence or effect of the risk, normally associated with impact to schedule, cost, scope, and quality. Rate probability and impact using a scale such as 1 to 10.
Once you have rated each risk, calculate the Risk Score as Probability x Impact. I sort my risks in descending order with the Risk Score as the primary sort.
Risks Analysis in Program Management
The Probability/Impact Assessment also helps in programs. I total the risk scores within each project to calculate the Project Risk Score and compare the scores between projects. This helps me understand which projects have the greatest risk exposure and where I need the most skilled people.